On September 3, 2020, The EU Parliament’s Committee on Civil Liberties, Justice and Home Affairs (the LIBE Committee), met to discuss the future of future of EU-US personal data flows following the Schrems II decision. In particular, the session was attended by Max Schrems, EU Commissioner for Justice Didier Reynders, and Andrea Jelinek (head of […]
EU Regulation
After Schrems II: A Proposal to Meet the Individual Redress Challenge
On July 16, 2020, the Court of Justice of the European Union (CJEU) invalidated the EU-U.S. Privacy Shield in the Schrems II case. In an article written by Georgia Tech professor and Alston & Bird Senior Counsel Peter Swire with co-author Kenneth Propp, entitled ‘After Schrems II: A Proposal to Meet the Individual Redress Challenge’, […]
European Data Protection Board Statement Provides Preliminary Insight into Use of Standard Contractual Clauses Following Schrems II Judgment
On July 17, 2020, the European Data Protection Board (‘EDPB’) published a statement on the outcome of the Schrems II judgment, passed by the Court of Justice of the European Union (‘CJEU’) the day before. The judgment invalidated the EU-U.S. Privacy Shield, and issued a number of clarifications and caveats on the use of Standard […]
Schrems 2.0: CJEU invalidates EU-US Privacy Shield and emphasizes exporter obligations when using Standard Contractual Clauses
Executive Summary Today, the Court of Justice of the European Union (‘CJEU’) handed down its long-awaited judgment in the ‘Schrems 2.0’ case (Facebook Ireland and Schrems (Case C-311/18)), about the validity of two means of legitimizing transfers of personal data outside the EEA under the EU General Data Protection Regulation (‘GDPR’)[1]. In somewhat of a […]
French CNIL Launches Public Consultation on Cookie Consent Recommendations
On January 14, 2020, the French data protection authority (CNIL) launched a public consultation on its draft recommendations for the collection of consent in the context of cookies and other tracking technologies (the ‘draft Recommendations’). Under EU ePrivacy rules, such technologies generally may not be placed on – or accessed from – users’ devices without […]